Study Guide - Chap 20: Analyzing System Properties and Remediation Flashcards
(29 cards)
1- Which of the following is true concerning network sockets? (Choose all that apply.)
- Numbers used to identify which service is transmitting data
- A single endpoint of a network connection’s two endpoints
- Uses a combination of an IP address and a port number
- Endpoints between processes on a local system
- Provides better IPC than localhost
- A single endpoint of a network connection’s two endpoints
- Uses a combination of an IP address and a port number
A network socket is a single endpoint of a network connection’s two endpoints. That single endpoint is on the local system, bound to a particular port, and uses a combination of an IP address and a port number. Therefore, options B and C are correct answers. Ports use numbers to identify which service or application is transmitting data, and thus option A is a wrong answer. Unix sockets are endpoints between processes on a local system and provide better interprocess communication (IPC) than localhost. Therefore, options D and E are incorrect choices.
2- The system administrator, Preston, has noticed that the IPv4 network seems sluggish. He decides to run some tests to check for high latency. Which of the following utilities should he use? (Choose all that apply.)
- iperf
- ping
- ip neigh
- dig
- traceroute
- iperf
- ping
- traceroute
The iperf, ping, and traceroute utilities will help test the network for high latency (slowness) in order to determine the cause. Thus, options A, B, and E are correct answers. The ip neigh command is used to check the routing tables and is often employed in situations where a duplicate or incorrect MAC address is causing problems on a local network segment. Therefore, option C is a wrong answer. The dig utility checks name server resolutions, not high latency. Thus, option D is also an incorrect choice.
3- Scott has formulated a problem cause theory that routers are saturated with traffic and dropping TCP packets from their queues. Which of the following tools should he employ to test this theory? (Choose all that apply.)
- mtr
- ifconfig
- ethtool -s
- tracepath
- traceroute
- mtr
- tracepath
- traceroute
The mtr, tracepath, and traceroute utilities all allow Mr. Scott to view router packets traveling through certain network segments and isolate which routers may be dropping packets. Therefore, options A, D, and E are correct answers. The ifconfig tool is for viewing and configuring network adapters. Therefore, option B is a wrong answer. The ethtool -s command will show adapter statistics but not router information, and therefore option C is also an incorrect choice.
4- The network engineer, Keenser, believes the choices of name servers in the system’s /etc/resolv.conf file are inefficient. Which of the following tools can he employ to test new server choices?
- dnsmasq
- whois
- nmap
- nslookup
- ipset list
nslookup
The nslookup utility can be used along with the time command to test new name servers to see if they are more efficient (faster). Thus, option D is the correct answer. Option A’s dnsmasq is caching‐only name server software, so it is a wrong answer. The whois utility performs queries of Whois servers, not name servers. Thus, option B is an incorrect answer. The nmap utility is used for network mapping and analysis (or pentesting), and therefore, option C is a wrong choice. The ipset list command displays the various IPsets on a system but is not involved with name resolution. Thus, option E is an incorrect choice.
mtr
A network diagnostic tool that combines ping and traceroute functionality, providing real-time statistics about packet loss and latency to each hop along the network path.
ifconfig
A legacy command-line utility used to configure, display, and control network interface parameters like IP addresses, netmasks, and interface status (largely replaced by the ip command).
ethtool -s
Sets or modifies Ethernet adapter settings such as speed, duplex mode, auto-negotiation, and other hardware-specific parameters for network interfaces.
tracepath
A network diagnostic tool similar to traceroute that traces the path packets take to a destination, but doesn’t require root privileges and focuses on discovering MTU along the path.
traceroute
A network diagnostic utility that displays the route and transit delays of packets across an IP network by sending packets with incrementally increasing TTL values.
5- Mera, a Linux system admin, believes a new application on her system is producing too much I/O for a particular partition, causing the system’s processor to appear sluggish. Which tool should she use to test her problem cause theory?
- iostat
- ioping
- du
- df
- iotop
iostat
The iostat command displays I/O wait, which is a performance statistic showing the amount of time a processor must wait on disk I/O. Therefore, option A is the correct answer. The ioping utility is more for testing new disks on performance items such as disk I/O latency, seek rates, sequential speeds, and so on. Therefore, option B is a wrong answer. The du and df commands are useful for situations where disk space is an issue but do not provide I/O wait statistics. Therefore, options C and D are incorrect answers. The iotop utility is helpful in locating an application or process causing high I/O but not CPU latency due to high I/O. Thus, option E is also an incorrect answer.
iostat
A system monitoring tool that displays CPU utilization statistics and input/output statistics for devices and partitions, helping identify I/O bottlenecks and system performance issues.
iotop
An interactive tool that displays real-time disk I/O usage by individual processes, showing which processes are reading/writing to disk and their I/O rates in a top-like interface.
du
Disk Usage - Reports the amount of disk space used by files and directories, commonly used with options like -h for human-readable format and -s for summary totals.
df
Disk Free - Displays filesystem disk space usage including total space, used space, available space, and mount points for all mounted filesystems.
6- From analysis, Arthur believes the system’s I/O throughput will improve by changing the I/O scheduler. On his system is a real‐time application, which uses a database located on a solid‐state drive. Which I/O scheduler should Arthur choose?
- scheduler
- deadline
- queue
- cfq
- noop
deadline
The deadline I/O scheduler is good for situations where increased database I/O and overall reduced I/O latency are needed, and/or an SSD is employed, and/or a real‐time application is in use. Therefore, option B is the correct answer. Option A is the I/O scheduler configuration file’s name, and therefore it is a wrong answer. Option C is one of the subdirectories in the directory that contains the I/O scheduler configuration file, such as /sys/block/sdc/queue/. Thus, option C is also an incorrect answer. The cfq scheduler is best for situations where more balanced I/O handling is needed and/or the system has a multiprocessor. Therefore, option D is a wrong answer. The noop I/O scheduler is good for situations where an SSD is employed but less CPU usage is needed. Therefore, option E is an incorrect choice.
7- Using the uptime command, you will see CPU load averages in what increments? (Choose all that apply.)
- 1 minute
- 5 minutes
- 10 minutes
- 15 minutes
- 20 minutes
- 1 minute
- 5 minutes
- 15 minutes
The uptime command displays CPU load averages in 1‐, 5‐, and 15‐minute increments. Thus, options A, B, and D are correct answers and options C and E are incorrect choices.
8- Mary wants to view her system’s processor performance over time. Which is the best utility for her to employ?
- uptime
- sysstat
- sar
- cat /proc/cpuinfo
- sysctl
sar
The sar utility is the best one for viewing a system’s processor performance over time. It uses data stored by the sadc program in the /var/log/sa/ directory, which contains up to a month’s worth of data. Therefore, option C is the correct answer. The uptime utility is handy to view processor performance, but sar is a better one for viewing it over time. Thus, option A is a wrong answer. sysstat is a package that provides the sar utility, and therefore, option B is an incorrect answer. The /proc/cpuinfo file contains detailed processor information, but it is not the best for viewing CPU performance. Thus, option D is also a wrong choice. The sysctl utility is used to view or tweak kernel parameters. Therefore, option E is an incorrect choice.
noop
No Operation - A simple I/O scheduler that performs minimal reordering of I/O requests, essentially serving requests in first-in-first-out order, typically used for SSDs or virtual machines.
deadline
An I/O scheduler that attempts to provide guaranteed latency for read and write requests by enforcing deadlines, ensuring no request waits indefinitely while still allowing some request merging and reordering.
9- Gertie needs to determine a swap space element’s type, name, and priority. Which command should she use?
- vmstat
- free
- fstab
- swapoff
- swapon -s
swapon -s
The swapon -s command will allow Gertie to view a swap space element’s type, name, and priority. Therefore, option E is the correct answer. The vmstat utility provides a lot of memory statistics, including disk I/O specific to swapping as well as total blocks in and blocks out to the device. However, it does not provide the information Gertie needs, so option A is a wrong answer. The free command shows memory items such as free memory, used memory, and buffer/cache usage. Thus, option B is an incorrect answer. fstab is not a command, but a file. This file is where swap partitions/files must have records in order for the swap space to remain persistent through reboots. Therefore, option C is a wrong choice. The swapoff utility disengages a partition/file from swap space, and thus, option D is an incorrect choice.
uptime
Displays how long the system has been running, current time, number of logged-in users, and system load averages for the past 1, 5, and 15 minutes.
sysstat
A collection of system performance monitoring tools including sar, iostat, mpstat, and others that collect, report, and save system activity information.
sar
System Activity Reporter - A comprehensive system monitoring tool that collects and displays various system performance metrics like CPU usage, memory usage, network activity, and disk I/O over time.
sysctl
A utility for examining and modifying kernel parameters at runtime, allowing administrators to tune system behavior without rebooting by reading/writing values in /proc/sys/.